CN112929173A - 一种基于签字识别数字证书认证方法 - Google Patents

一种基于签字识别数字证书认证方法 Download PDF

Info

Publication number
CN112929173A
CN112929173A CN202110283430.9A CN202110283430A CN112929173A CN 112929173 A CN112929173 A CN 112929173A CN 202110283430 A CN202110283430 A CN 202110283430A CN 112929173 A CN112929173 A CN 112929173A
Authority
CN
China
Prior art keywords
matrix
encryption
signature
authentication method
method based
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110283430.9A
Other languages
English (en)
Inventor
李晓坤
徐龙
刘清源
董潍赫
黄逸群
付文香
张心雨
陈伟良
赵瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xunao Shanghai Technology Co ltd
Original Assignee
Xunao Shanghai Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xunao Shanghai Technology Co ltd filed Critical Xunao Shanghai Technology Co ltd
Priority to CN202110283430.9A priority Critical patent/CN112929173A/zh
Publication of CN112929173A publication Critical patent/CN112929173A/zh
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/30Writer recognition; Reading and verifying signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

本发明提供了一种基于签字识别数字签名认证方法,通过采集签名过程中出现较多的特征点,通过矩阵运算采集其对应的特征值。将其图像采集出来的特征值矩阵用特定的CA的私钥算法进行加密后形成特定的加密矩阵,接着通过将其用户信息的hashcode和加密矩阵的hashcode进行拼接形成新的字符串,接着通过Base64的编码格式对新的字符串进行编码生成特点的指纹存储在其证书上,同时数据库也会存储其特定的指纹,和指定的用户名信息,用于身份认证比对。

Description

一种基于签字识别数字证书认证方法
技术领域
本发明涉及信息安全,网络安全领域,尤其涉及一种基于签字识别数字证书认证方法。
背景技术
签名识别是一种基于图像处理的身份识别方式,通过采集签字过程中图像的矩阵信息,然后与数字证书上的签名信息进行相似性比对,利于类似双签名的策略进一步防止了在网络上用户身份被冒用,一定程度上保证信息和数据的完整性和安全性。
发明内容
针对现有技术中的不足,本发明的目的在于本发明提供了一种基于签字识别的方法用解决传统网络交易中身份被冒用的问题。和传统数字证书数字证书不同,该证书指纹中加上用户书写签名的相似矩阵,用户必须个人信息正确和书写内容相似才可以进行通过身份认证,从而达到强身份认证。想要进行以下操作:
1.提取签名的相似点,获取其相似的矩阵,通过以下方法达到其相似矩阵,
Figure DEST_PATH_IMAGE001
通过对(1)进行反复迭代,得到以下公式:
Figure 622997DEST_PATH_IMAGE002
2.获取其指定的hash值,hash函数有以下几大特点:输入敏感、不可逆行,冲突避免。在进行hash寻址的时候容易造成时间复杂度过大,所以需要选择合适的hash算法。而为了减少时间消耗,选择sha类型的hash算法,一定程度上解决时间开销过大问题;
3.进行非对称加密,选择ECC加密算法,该算法基于椭圆加密曲线进行设计的一种公开密钥的算法,相比于传统的RSA加密,该加密算法安全性特别高,在相同加密位数的前提下,ECC的安全性在RSA的10倍以上,同时ECC一定程度上解决了传统非对称加密过程中解码速度满,Y占据带宽大等一系列问题;
对椭圆进行积分运算可以计算出
Figure DEST_PATH_IMAGE003
椭圆公式的表达形式为:
Figure 667701DEST_PATH_IMAGE004
E的判别式为:
Figure DEST_PATH_IMAGE005
过曲线上两点做直线,求与曲线的第三个交点的问题是很容易用代数的方法来描述的,也即是求:
Figure 450368DEST_PATH_IMAGE006
化简表达式可以得到以下的值
Figure DEST_PATH_IMAGE007
所以椭圆曲线的形式如下
Figure 825070DEST_PATH_IMAGE008
同理可得
Figure DEST_PATH_IMAGE009
Figure 19203DEST_PATH_IMAGE010
所述的为椭圆曲线认证方法的基本原理
4.CRL进行证书吊销比对,CRL为信任的CA定期签发的用于记录,用户访问指定服务端时,服务器先检查证书日期是否过期,然后检查该CA定期颁发的CRL。如果该证书记录在CRL上表示该证书已经撤销;
5.接着用户书写输入指定的信息,通过上述方法获取相似矩阵,将其和证书上除指纹上的个人信息进行hash编码,接着客户端证书的CA公钥对指纹进行认证,若两者的hash值成功意味着第二次认证成功。
附图说明
图1示出了根据本发明示例实施例的一种基于签字识别数字证书的认证方法流程图。
具体实施方式
图1示出了根据本发明示例实施例的一种基于签字识别数字证书的认证方法流程图。
首先,按照上述方法采集用户指定的签字信息的特征矩阵在S101里。
在S102 中登陆指定的服务端地址。
在S102服务器在指定的发布网站上下载指定的CRL文件。
在S103 服务器访问CRl文件检查证书的实用性。
在S104若该证书的信息记录在指定的CRL信息该证书失效结束。
在S105验证成功后,则第一次验证成功。
在S106 用户书写输入指定的信息,通过上述的算法进行矩阵相似度的运算,
Figure DEST_PATH_IMAGE012A
进行多次迭代,可得,
Figure DEST_PATH_IMAGE014A
在S106里讲用户信息和其特征矩阵进行sha进行hashcode加密。
在S107通过椭圆加密曲线对证书被CA私钥签名的证书进行公钥认证
Figure DEST_PATH_IMAGE016A
Figure DEST_PATH_IMAGE018A
Figure DEST_PATH_IMAGE020A
在S108里讲用户信息和其特征矩阵进行sha进行hashcode加密。
在S109通过椭圆加密曲线对证书被CA私钥签名的证书进行公钥认证,
若比较失败跳到S110,第二次验证失败。
在S111里将hash两者hash进行比对,若进行比对成功,则第二次验证成功,则第二次验证成功。

Claims (2)

1.一种基于签字识别数字签名认证方法,通过采集签名后图片的矩阵,进行归一化处理形成特定的矩阵,接着将其和用户名信息拼接成新的字符串,接着出去特点的加密算法进行加密形成加密矩阵,最后以base64的形式进行储存。
2.一种基于签字识别的将图像处理和网络中身份认证相互结合,可以防止在网络用户身份被冒用,用户必须按照指定的证书,当登入指定的网站中书写随机信息,通过比对其矩阵的相似性来进一步判断身份是否被冒用。
CN202110283430.9A 2021-03-17 2021-03-17 一种基于签字识别数字证书认证方法 Pending CN112929173A (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110283430.9A CN112929173A (zh) 2021-03-17 2021-03-17 一种基于签字识别数字证书认证方法

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110283430.9A CN112929173A (zh) 2021-03-17 2021-03-17 一种基于签字识别数字证书认证方法

Publications (1)

Publication Number Publication Date
CN112929173A true CN112929173A (zh) 2021-06-08

Family

ID=76175617

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110283430.9A Pending CN112929173A (zh) 2021-03-17 2021-03-17 一种基于签字识别数字证书认证方法

Country Status (1)

Country Link
CN (1) CN112929173A (zh)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998048539A1 (en) * 1997-04-24 1998-10-29 State Of Israel, Atomic Energy Commission, Nuclear Research Center - Negev Apparatus and method for signing and authenticating digital signatures
US6745327B1 (en) * 1998-05-20 2004-06-01 John H. Messing Electronic certificate signature program
EP2615572A1 (en) * 2012-01-16 2013-07-17 Xerox Corporation Image segmentation based on approximation of segmentation similarity
CN105530258A (zh) * 2015-12-18 2016-04-27 努比亚技术有限公司 电子签名装置及方法
CN107657241A (zh) * 2017-10-09 2018-02-02 河海大学常州校区 一种面向签字笔的签名真伪性鉴别系统
CN108737376A (zh) * 2018-04-16 2018-11-02 北京明朝万达科技股份有限公司 一种基于指纹和数字证书的双因子认证方法及系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998048539A1 (en) * 1997-04-24 1998-10-29 State Of Israel, Atomic Energy Commission, Nuclear Research Center - Negev Apparatus and method for signing and authenticating digital signatures
US6745327B1 (en) * 1998-05-20 2004-06-01 John H. Messing Electronic certificate signature program
EP2615572A1 (en) * 2012-01-16 2013-07-17 Xerox Corporation Image segmentation based on approximation of segmentation similarity
CN105530258A (zh) * 2015-12-18 2016-04-27 努比亚技术有限公司 电子签名装置及方法
CN107657241A (zh) * 2017-10-09 2018-02-02 河海大学常州校区 一种面向签字笔的签名真伪性鉴别系统
CN108737376A (zh) * 2018-04-16 2018-11-02 北京明朝万达科技股份有限公司 一种基于指纹和数字证书的双因子认证方法及系统

Similar Documents

Publication Publication Date Title
US10396985B1 (en) Federated identity management based on biometric data
US10880080B1 (en) Cryptographic key generation from biometric data
US10521616B2 (en) Remote re-enrollment of physical unclonable functions
US10541818B2 (en) Decentralized biometric signing of digital contracts
CN110674523B (zh) 一种数字签名结合手写签名确认电子合同签署人的方法
Li et al. An effective biometric cryptosystem combining fingerprints with error correction codes
CN108696358B (zh) 数字证书的管理方法、装置、可读存储介质及服务终端
US20160269178A1 (en) Privacy-Enhanced Biometrics-Secret Binding Scheme
US20060239511A1 (en) System and method for protecting the privacy and security of stored biometric data
KR20020047131A (ko) 데이터 보호 방법
US20080313726A1 (en) Integrated systems for simultaneous mutual authentication of database and user
CN108009445B (zh) 一种半中心化的可信数据管理系统
JP5676592B2 (ja) 参照点を使用した及び使用しない頑強なバイオメトリック特徴抽出
KR102360386B1 (ko) 이종 통신 네트워크 환경에서 원 엔터티를 검증 가능하며 인증 가능한 엔터티로 변환하기 위한 시스템, 방법 및 서버 컴퓨터 시스템
Liu et al. Encrypted domain matching of fingerprint minutia cylinder-code (MCC) with l1 minimization
US11722306B2 (en) Method for strong authentication of an individual
Delgado-Mohatar et al. Blockchain meets biometrics: Concepts, application to template protection, and trends
Martínez et al. Secure crypto-biometric system for cloud computing
CN113343313A (zh) 验证报告有效性鉴定方法、法律服务系统和可读存储介质
CN116010917A (zh) 隐私保护的图像处理方法、身份注册方法及身份认证方法
US11070378B1 (en) Signcrypted biometric electronic signature tokens
Yang et al. A Delaunay triangle group based fuzzy vault with cancellability
CN106709716A (zh) 基于生物特征加密进行pboc交易的方法、装置及系统
CN112929173A (zh) 一种基于签字识别数字证书认证方法
JP2008542898A (ja) テンプレート保護システムでの分類境界の形成

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210608

WD01 Invention patent application deemed withdrawn after publication